Re: Pop-up and surveys

The plot thickens. We had a warning mail sent around at work about Survey pop-ups that were purporting to come from a company called Zendesk, who provide our online ticket management system. They look suspiciously familiar (i have blurred out the first part of the address, but that is our actually our zendesk link there. I'd be very interested to know how they're doing this.

Re: Pop-up and surveys

It will either be malware or a browser extension installed locally on your machine that will have brought it down. The annoying sort of extensions that ask to be installed as part of a legitimate program halfway through so are easy to click accept on. I've not seen a variant yet that works in a different way.They scrape the page for keywords and generally use the page title to populate where you are seeing about zendesk. A similar method is used for where it shows your ISP, I believe it checks whois records to get the company name. I can't say I've checked, but that's how I would do it.It is unfortunate there is a legitimate survey campaign happening while these pop ups seem to be increasing in number again!The issue with an ISP level block (which is in principle a good idea BTW) is that if the signatures are not good enough we could end up blocking legitimate traffic. There are also lots of variants using different URLs so blocking all of them becomes impractical.Personally, I think the best thing we can do in these sort of scenarios is help to educate people. Would a blog post on how to avoid and remove these sorts of things interest people? If so, I can have a word with the guys about getting something written when something widespread like this is going on as long as it fits in with their plans for the blogs.

Re: Pop-up and surveys

Hi Scitt,Good to see you on the forums again, really miss e contributions from your team. I think that anything which helps educate users on this matter and others (how the internet is delivered, industry rules and constraints on service delivery... (to suggest a few others) is always worthwhile.@lorisarvenduThat is really useful information. With matters such as this is is always useful to know which bowser is involved. Personally I think Chrome sucks - I'm presentky battling with a FaceBook page address issue, which connects fine using IE but gets a 404 error when using Chrome or Safari - looks like the latter are screwing with the url capitalisation.Kevin

Re: Pop-up and surveys

Hi Scitt,Good to see you on the forums again, really miss e contributions from your team. I think that anything which helps educate users on this matter and others (how the internet is delivered, industry rules and constraints on service delivery... (to suggest a few others) is always worthwhile.

+1 Having a word now to see if we can write one up.@lorisarvendu - Thanks for getting back to us with this.

ex-Plusnet staffer. Any posts after 28/07/2017 aren't on behalf of Plusnet

Re: Pop-up and surveys

I've been around lurking Kevin, just not posting! I stopped entirely because of the impending move from QA to security.I'm sure there are more than a few blog posts that could be useful (or even just interesting!) to people.

Re: Pop-up and surveys

Hi Scott,Another move? Sounds like both bad and good news, bad for QA though there is a very safe pair of hands behind you (CP) and good for security. You have a track record of getting things done (not forgotten your contribution to the referrals debacle even if the fix is incomplete). Here is hoping that your move to security will put some drive behind sorting out SSL which is now some 7 months past its last forecast date.Cheers,Kevin